Matryoshka RAT

Description

(ClearSky) The Matryoshka infection framework is built of three parts:

• Dropper
  o Obfuscating code and signaling to the C2 that the file has been executed
  o Launching the loader and using it to execute functions
  o Comparing anti-analysis logic and reporting it back to C2
• Reflective Loader
  o Employing anti-debugging and anti-sandboxing techniques
  o Runtime API Address resolver
  o Covert DLL injection of the RAT library
  o Persistence file on disk
• RAT component
  o Configuring the Reflective Loader to survive reboots and process exits
  o DNS Command and Control communication
  o Common RAT functionalities

Names

Name
Matryoshka RAT
Matryoshka

Category

Malware

Type

  • Backdoor
  • Dropper
  • Loader
  • Info stealer

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

dc27057d-c0bb-48f2-a418-4293b46366fc

Last Card Change

2022-12-30